Configure OfficeScan to send you and other OfficeScan administrators a notification when it detects a security risk, or only when the action on the security risk is unsuccessful and therefore requires your intervention.
OfficeScan comes with a set of default notification messages that inform you and other OfficeScan administrators of security risk detections. You can modify the notifications and configure additional notification settings to suit your requirements.
OfficeScan can send notifications through email, pager, SNMP trap, and Windows NT Event logs. Configure the settings that OfficeScan uses when it sends notifications through these channels. For details, see Administrator Notification Settings.
To configure security risk notifications for administrators:
Notifications > Administrator Notifications > Standard Notifications
In the Criteria tab:
Go to the Virus/Malware and Spyware/Grayware sections.
Specify whether to send notifications when OfficeScan detects virus/malware and spyware/grayware, or only when the action on these security risks is unsuccessful.
In the Email tab:
Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
Select Enable notification via email.
Select Send notifications to users with client tree domain permissions.
You can use Role-based Administration to grant client tree domain permissions to users. If a detection occurs on a client belonging to a specific domain, the email will be sent to the email addresses of the users with domain permissions. See the following table for examples:
Client Tree Domains and Permissions

| Client Tree Domain | Roles with Domain Permissions | User Account with the Role | Email Address for the User Account |
|---|---|---|---|
| Domain A | Administrator (built-in) | root | mary@xyz.com |
| Domain A | Role_01 | admin_john | john@xyz.com |
| Domain A | Role_01 | admin_chris | chris@xyz.com |
| Domain B | Administrator (built-in) | root | mary@xyz.com |
| Domain B | Role_02 | admin_jane | jane@xyz.com |
If an OfficeScan client belonging to Domain A detects a virus, the email will be sent to mary@xyz.com, john@xyz.com, and chris@xyz.com.
If a client belonging to Domain B detects spyware, the email will be sent to mary@xyz.com and jane@xyz.com.
If you enable this option, all users with domain permissions must have a corresponding email address. The email notification will not be sent to users without an email address. Users and email addresses are configured from Administration > User Accounts.
Select Send notifications to the following email address(es) and then type the email addresses.
Accept or modify the default subject and message. You can use token variables to represent data in the Subject and Message fields.
| Variable | Description |
|---|---|
| Virus/Malware detections | |
| %v | Virus/Malware name |
| %s | Computer with virus/malware |
| %i | IP address of the computer |
| %c | MAC address of the computer |
| %m | Domain of the computer |
| %p | Location of virus/malware |
| %y | Date and time of virus/malware detection |
| %e | Virus Scan Engine version |
| %r | Virus Pattern version |
| %a | Action performed on the security risk |
| %n | Name of the user logged on to the infected computer |
| Spyware/Grayware detections | |
| %s | Computer with spyware/grayware |
| %i | IP address of the computer |
| %m | Domain of the computer |
| %y | Date and time of spyware/grayware detection |
| %n | Name of the user logged on to the computer at the time of detection |
| %T | Spyware/Grayware and scan result |
In the Pager tab:
Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
Select Enable notification via pager.
Type the message.
In the SNMP Trap tab:
Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
Select Enable notification via SNMP trap.
Accept or modify the default message. You can use token variables to represent data in the Message field. See Token Variables for Security Risk Notifications for details.
In the NT Event Log tab:
Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
Select Enable notification via NT Event Log.
Accept or modify the default message. You can use token variables to represent data in the Message field. See Token Variables for Security Risk Notifications for details.
Click Save.
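The domain-permission routing described under the Email tab can be checked offline before relying on it. The following Python sketch is an added example, not part of OfficeScan or its documentation: it models the role and account table above, resolves who would receive an email for a detection in a given domain, and lists accounts that hold domain permissions but would receive nothing because no email address is set. The account `admin_sam` and all function names are hypothetical.

```python
# Added example: models "Send notifications to users with client tree domain
# permissions". Data is constructed from the page's sample table, plus one
# hypothetical account (admin_sam) that has no email address configured.

ROLE_DOMAINS = {  # role -> client tree domains the role has permissions on
    "Administrator (built-in)": {"Domain A", "Domain B"},
    "Role_01": {"Domain A"},
    "Role_02": {"Domain B"},
}

ACCOUNTS = [  # (user account, role, email address or None)
    ("root", "Administrator (built-in)", "mary@xyz.com"),
    ("admin_john", "Role_01", "john@xyz.com"),
    ("admin_chris", "Role_01", "chris@xyz.com"),
    ("admin_jane", "Role_02", "jane@xyz.com"),
    ("admin_sam", "Role_02", None),  # hypothetical: no email address set
]


def resolve_recipients(domain):
    """Return (sorted recipient emails, accounts skipped for lacking an email)."""
    recipients, skipped = set(), []
    for user, role, email in ACCOUNTS:
        if domain not in ROLE_DOMAINS.get(role, set()):
            continue  # this role has no permissions on the detecting domain
        if email:
            recipients.add(email.lower())
        else:
            skipped.append(user)  # permitted, but no notification is sent
    return sorted(recipients), skipped


def audit_coverage():
    """Map each domain to permitted accounts that would receive no email."""
    gaps = {}
    for domain in sorted(set().union(*ROLE_DOMAINS.values())):
        _, skipped = resolve_recipients(domain)
        if skipped:
            gaps[domain] = skipped
    return gaps


if __name__ == "__main__":
    for d in ("Domain A", "Domain B"):
        print(d, resolve_recipients(d))
    print("Accounts with no notification path:", audit_coverage())
```

Any account reported by `audit_coverage()` needs an email address added under Administration > User Accounts before it will receive detection emails.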